Answer the question
In order to leave comments, you need to log in
How to optimally distribute functions between mikrotiks?
Need advice.
Network in anticafe: 3 computers in LAN and a guest radio network from 10 to 50 smartphones/laptops/tablets.
Available
- two mikrotik RB2011UiAS-2HnD-IN
- two mikrotik RB951Ui-2HnD
How to optimally distribute the functions between them : gateway, router, Wi-Fi access point, access point controller CAPsMAN, DHCP, DNS, VPN server (for one - two rare connections)
Options:
1. Is it optimal to use only two RB2011, one of which will perform all the functions, and the second will be only a CAP managed access point?
2. I tend to this option: hang all the functions not related to the wireless network on one RB951, and leave the wireless network functions for two RB2011, one of which will be the CAPsMAN controller, and the second CAP access point?
3. Or is it better to make one RB951 only a gateway, hang all functions on RB2011, and make the second RB2011 an access point CAP?
Answer the question
In order to leave comments, you need to log in
All functions are hung up on 1 mikrotik. The second second same Mikrotik stands as a backup, in case the first one fails. On it, the settings are the same as on the first one.
The other 2 Mikrotiks are used only for distributing wifi.
Then see if the resources of one Mikrotik are enough. If not, then start redistributing the load
I really liked the advice from Semka. the most correct solution, and reserve them, so that in the event of a hang / fall of one, the second flies up automatically, the configs can be compared with a script and periodically (once a day, or a week - depending on how often the settings change) tighten. I would organize VPN accounting by radius, from the same take-dos server, so as not to produce config lines.
But! if the author has a desire to use all the pieces of iron and scatter the functionality, then I would (for the sake of playing) would do this:
2011 - gateway; DHCP; DNS
951 - vpn; CAP-server
the rest is your choice. the main thing is not to strongly fence the firewall for 2011, tk. percent there is so-so, in fact, as in the 951s
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question